Ransomware Report

You can check the latest ransomware information.

title
Exx ransomware that changes all extensions to .exx, making data/files unusable
Registration date
2023-02-20
views
11628

[Exx ransomware]

[Virus/malware activity reported: Exx ransomware]

In response to a breach believed to be in the form of Exx ransomware,
we would like to confirm the situation and provide a warning as follows.

Exx ransomware

The ransomware is called Exx and appears to be changing all files with the extension filename.exx.

How it works

file version


[Figure 1 File version]


[Figure 2 File properties]

behavioral process

  • Register startup program

    Registers the ransomware file in the startup registry so that it runs again when Windows starts.


    [Figure 3 Startup program registration]

  • Check and delete shadow copies


    [Figure 4 Check and delete shadow copies]

Infection results

The information file is created in each folder with the name HELP_RESTORE_FILES_private key.TXT, and when encryption is performed, the files are changed to <file name.exx>.


[Figure 5 Infection result 1]


[Figure 6 Infection result 2]


[Figure 7 Infection result 3]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of WhiteDefender ransomware.


[Figure 8 Block message]


[Figure 9 Block message]


[Figure 10 Block message]

Watch Exx blocking video

Previous post
HydraCrypt ransomware that encrypts all files with .hydracrypt
next post
LIZARD ransomware encrypts all folder data on your PC
List
WhiteDefender Term of Use|Privacy Policy
Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong|Business registration number: 220-81-67981
Copyright ⓒEveryzone , Inc. All Rights Reserved.|